Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data

Rockstar Games says a third-party breach exposed internal analytics data after ShinyHunters linked the incident to Anodot and Snowflake.

Key takeaways

• Rockstar Games confirmed a data breach tied to a third-party incident rather than a compromise of its own systems
• The ShinyHunters extortion gang claims it leaked more than 78 million records from analytics environments connected to Rockstar
• Rockstar says the exposed information was limited and non-material and that the incident did not affect players or core operations
• The leaked material appears to center on internal analytics, including online service monitoring, support metrics and business intelligence tied to GTA Online and Red Dead Online
• The breach is part of a broader campaign linked to Anodot and Snowflake-connected environments, where stolen authentication tokens were allegedly used to access customer data
• The incident highlights third-party integration risk, especially when cloud analytics tools have privileged access to operational datasets

Third-party breach pulls Rockstar into wider campaign

Rockstar Games has confirmed that company data was accessed in a breach tied to a third-party provider, after the ShinuHunters extortion gang listed the studio on its leak site. The incident appears connected to a broader wave of attacks involving stolen authentication tokens linked to Anodot, a SaaS analytics integration platform.

In a statement first shared with Kotaku, Rockstar said a “limited amount” of non-material company information was exposed and added that the incident had no impact on its organization or its players. Available reporting suggests internal business telemetry rather than customer account compromise.

What the leaked Rockstar data appears to contain

The stolen files appear to center on analytics used to monitor Rockstar’s online operations, including service performance, support workflows and internal business metrics, according to reporting on the leak. References reportedly point to Grand Theft Auto Online and Red Dead Online, with data tied to player behavior, revenue patterns and support analytics.

There were also reported signs of fraud-detection and anti-cheat testing data in the exposed material. Even if the company is accurate in describing the breach as non-material, those categories can still be valuable to threat actors because they reveal how a publisher measures abuse, monetization and platform health behind the scenes.

Snowflake and Anodot connection

The Rockstar breach is part of a broader campaign targeting customers in environments connected to a compromised third-party integration. Snowflake has said it detected unusual activity affecting a few customer accounts tied to such an integration and moved to lock down impacted environments and notify customers.

Snowflake later confirmed that Anodot was the third-party company at the center of that investigation.

Another reputational hit for Rockstar Games

For Rockstar, the breach revives uncomfortable memories of the 2022 intrusion that led to the leak of Grand Theft Auto VI material.

This time, however, the immediate message from the company is far more contained, as the leak allegedly didn’t impact players or disrupt operations and there is no sign that it includes consumer credentials.

Frequently asked questions (FAQ)

What happened in the Rockstar Games breach?

Rockstar Games confirmed that some company information was accessed in a third-party data breach after ShinyHunters claimed responsibility and listed the company on its leak site. Rockstar said the incident didn’t affect players or operations.

Was player data stolen in the Rockstar breach?

Based on Rockstar’s public statement and current reporting, there is no indication that player accounts or player-facing systems were affected. The company described the exposed information as non-material internal data.

Who is ShinyHunters?

ShinyHunters is a cybercrime group known for data theft, extortion and leak-site pressure tactics. In this case, the group claimed responsibility for the Rockstar incident and threatened to publish stolen information if its demands were not met.

Has Rockstar been breached before?

Yes. Material from Rockstar’s Grand Theft Auto VI was leaked in a major security incident in 2022. The latest breach is separate but it adds to the company’s history of high-profile cyber incidents.